...
```java
from("splunk://normal?delay=5s&username=user&password=123&initEarliestTime=-10s&search=search index=myindex sourcetype=someSourcetype").to("direct:search-result");
```

URI Options
Name | Default Value | Context | Description |
---|---|---|---|
host | localhost | Shared | The Splunk host. |
port | 8089 | Shared | Splunk port |
username | null | Shared | Mandatory Splunk username |
password | null | Shared | Mandatory Splunk password |
connectionTimeout | 5000 | Shared | Timeout in milliseconds when connecting to the Splunk server. |
useSunHttpsHandler | false | Shared | Use the sun.net.www.protocol.https.Handler HTTPS handler to establish the Splunk connection. Can be useful when running in application servers to avoid the application server's HTTPS handling. |
index | null | Producer | Splunk index to write to |
sourceType | null | Producer | Splunk SourceType argument |
source | null | Producer | Splunk Source argument |
tcpReceiverPort | 0 | Producer | Splunk TCP receiver port when using the tcp producer endpoint. |
initEarliestTime | null | Consumer | Initial start offset of the first search. Required |
earliestTime | null | Consumer | Earliest time of the search time window. |
latestTime | null | Consumer | Latest time of the search time window. |
count | 0 | Consumer | A number that indicates the maximum number of entities to return. Note that this is not the same as maxMessagesPerPoll, which is currently unsupported. |
search | null | Consumer | The Splunk query to run |
savedSearch | null | Consumer | The name of the query saved in Splunk to run |
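
Because `username` and `password` are mandatory URI options, routes copied from the example above tend to carry them as literals in source. The following check is an added example, not part of the Camel documentation: it flags `splunk://` URIs whose credential options are literals, and accepts Camel property placeholders (`{{key}}`, optionally wrapped in `RAW(...)`). It assumes each URI is a single quoted string literal; the placeholder keys in the sample are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# URI options from the table above that identify or authenticate the caller.
CREDENTIAL_OPTIONS = ("username", "password")

# A splunk:// endpoint URI written as one quoted string literal (assumption).
URI_RE = re.compile(r'"(splunk://[^"]*)"')

# A Camel property placeholder, bare or wrapped in RAW(...).
PLACEHOLDER_RE = re.compile(r'^(?:\{\{[^{}]+\}\}|RAW\(\{\{[^{}]+\}\}\))$')


def inline_credentials(source):
    """Return (line_no, option) for each literal credential in a splunk:// URI."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for uri in URI_RE.findall(line):
            # Everything after the first '?' is the option list.
            _, _, query = uri.partition("?")
            for name, value in parse_qsl(query, keep_blank_values=True):
                if name in CREDENTIAL_OPTIONS and not PLACEHOLDER_RE.match(value):
                    findings.append((line_no, name))
    return findings


# Constructed sample: line 1 is the route from this page, line 2 is the same
# route with credentials moved to property placeholders (hypothetical keys).
SAMPLE = '''\
from("splunk://normal?delay=5s&username=user&password=123&initEarliestTime=-10s&search=search index=myindex sourcetype=someSourcetype").to("direct:search-result");
from("splunk://normal?delay=5s&username={{splunk.username}}&password=RAW({{splunk.password}})&initEarliestTime=-10s&search=search index=myindex sourcetype=someSourcetype").to("direct:search-result");
'''

if __name__ == "__main__":
    for line_no, option in inline_credentials(SAMPLE):
        print(f"line {line_no}: literal value for '{option}' in splunk:// URI")
```
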